[opensuse-buildservice] Expired OBS Keys?
It seems the OBS Security key (keyid 79EAFD54) on keys.gnupg.net has expired (2011-Apr-2). Would it be possible for someone to update it? I know an updated key has been generated (which expires 2013) as it can be found here: http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbu... Further details can be found via: http://lists.wald.intevation.org/pipermail/openvas-distro/2011-April/thread.... Basically the issue came to light when following instructions: http://www.openvas.org/install-packages.html#openvas4_ubuntu_obs -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
El 20/04/11 16:10, King Thorin escribió:
It seems the OBS Security key (keyid 79EAFD54) on keys.gnupg.net has expired (2011-Apr-2). Would it be possible for someone to update it?
I know an updated key has been generated (which expires 2013) as it can be found here: http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbu...
osc signkey --extend -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
----------------------------------------
Date: Wed, 20 Apr 2011 16:12:26 -0300 From: crrodriguez@opensuse.org To: opensuse-buildservice@opensuse.org Subject: Re: [opensuse-buildservice] Expired OBS Keys?
El 20/04/11 16:10, King Thorin escribió:
It seems the OBS Security key (keyid 79EAFD54) on keys.gnupg.net has expired (2011-Apr-2). Would it be possible for someone to update it?
I know an updated key has been generated (which expires 2013) as it can be found here: http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbu...
osc signkey --extend --
Hey Chris, thanks for the speedy reply. Sadly that means absolutely nothing to me. I'm guessing some maintainer somewhere has already done what you're suggesting as mentioned the Release.key is set to expire in 2013. However I don't think that results in an update to keys.gnupg.net (though I could totally be wrong). -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
El 20/04/11 16:28, King Thorin escribió:
----------------------------------------
Date: Wed, 20 Apr 2011 16:12:26 -0300 From: crrodriguez@opensuse.org To: opensuse-buildservice@opensuse.org Subject: Re: [opensuse-buildservice] Expired OBS Keys?
El 20/04/11 16:10, King Thorin escribió:
It seems the OBS Security key (keyid 79EAFD54) on keys.gnupg.net has expired (2011-Apr-2). Would it be possible for someone to update it?
Keys can only be revoked in usual keyservers, you have to use the new key instead. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Wed, Apr 20, 2011 at 03:28:29PM -0400, King Thorin wrote:
----------------------------------------
Date: Wed, 20 Apr 2011 16:12:26 -0300 From: crrodriguez@opensuse.org To: opensuse-buildservice@opensuse.org Subject: Re: [opensuse-buildservice] Expired OBS Keys?
El 20/04/11 16:10, King Thorin escribió:
It seems the OBS Security key (keyid 79EAFD54) on keys.gnupg.net has expired (2011-Apr-2). Would it be possible for someone to update it?
I know an updated key has been generated (which expires 2013) as it can be found here: http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbu...
osc signkey --extend --
Hey Chris, thanks for the speedy reply. Sadly that means absolutely nothing to me.
I'm guessing some maintainer somewhere has already done what you're suggesting as mentioned the Release.key is set to expire in 2013. However I don't think that results in an update to keys.gnupg.net (though I could totally be wrong).
I uploaded the extended key to the keyservers. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
----------------------------------------
Date: Thu, 21 Apr 2011 09:19:39 +0200 From: meissner@suse.de To: kingthorin@hotmail.com CC: crrodriguez@opensuse.org; opensuse-buildservice@opensuse.org Subject: Re: [opensuse-buildservice] Expired OBS Keys?
On Wed, Apr 20, 2011 at 03:28:29PM -0400, King Thorin wrote:
----------------------------------------
Date: Wed, 20 Apr 2011 16:12:26 -0300 From: crrodriguez@opensuse.org To: opensuse-buildservice@opensuse.org Subject: Re: [opensuse-buildservice] Expired OBS Keys?
El 20/04/11 16:10, King Thorin escribió:
It seems the OBS Security key (keyid 79EAFD54) on keys.gnupg.net has expired (2011-Apr-2). Would it be possible for someone to update it?
I know an updated key has been generated (which expires 2013) as it can be found here: http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbu...
osc signkey --extend --
Hey Chris, thanks for the speedy reply. Sadly that means absolutely nothing to me.
I'm guessing some maintainer somewhere has already done what you're suggesting as mentioned the Release.key is set to expire in 2013. However I don't think that results in an update to keys.gnupg.net (though I could totally be wrong).
I uploaded the extended key to the keyservers.
Ciao, Marcus --
Thanks Marcus, I've verified that it's been updated: user@laptop:~$ sudo apt-key remove 79EAFD54 OK user@laptop:~$ sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54 Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54 gpg: requesting key 79EAFD54 from hkp server keys.gnupg.net gpg: key 79EAFD54: public key "security OBS Project <security@build.opensuse.org>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 user@laptop:~$ sudo apt-key list /etc/apt/trusted.gpg -------------------- . . . pub 1024D/79EAFD54 2009-01-22 [expires: 2013-06-16] uid security OBS Project <security@build.opensuse.org> -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
From: kingthorin@hotmail.com To: meissner@suse.de CC: opensuse-buildservice@opensuse.org Subject: RE: [opensuse-buildservice] Expired OBS Keys? Date: Tue, 26 Apr 2011 08:36:14 -0400
----------------------------------------
Date: Thu, 21 Apr 2011 09:19:39 +0200 From: meissner@suse.de To: kingthorin@hotmail.com CC: crrodriguez@opensuse.org; opensuse-buildservice@opensuse.org Subject: Re: [opensuse-buildservice] Expired OBS Keys?
On Wed, Apr 20, 2011 at 03:28:29PM -0400, King Thorin wrote:
----------------------------------------
Date: Wed, 20 Apr 2011 16:12:26 -0300 From: crrodriguez@opensuse.org To: opensuse-buildservice@opensuse.org Subject: Re: [opensuse-buildservice] Expired OBS Keys?
El 20/04/11 16:10, King Thorin escribió:
It seems the OBS Security key (keyid 79EAFD54) on keys.gnupg.net has expired (2011-Apr-2). Would it be possible for someone to update it?
I know an updated key has been generated (which expires 2013) as it can be found here: http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbu...
osc signkey --extend --
Hey Chris, thanks for the speedy reply. Sadly that means absolutely nothing to me.
I'm guessing some maintainer somewhere has already done what you're suggesting as mentioned the Release.key is set to expire in 2013. However I don't think that results in an update to keys.gnupg.net (though I could totally be wrong).
I uploaded the extended key to the keyservers.
Ciao, Marcus --
Thanks Marcus, I've verified that it's been updated:
user@laptop:~$ sudo apt-key remove 79EAFD54 OK
user@laptop:~$ sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54 Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54 gpg: requesting key 79EAFD54 from hkp server keys.gnupg.net gpg: key 79EAFD54: public key "security OBS Project <security@build.opensuse.org>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1
user@laptop:~$ sudo apt-key list /etc/apt/trusted.gpg -------------------- . . . pub 1024D/79EAFD54 2009-01-22 [expires: 2013-06-16] uid security OBS Project <security@build.opensuse.org> -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
This key has expired again: sudo apt-key list /etc/apt/trusted.gpg -------------------- pub 1024D/79EAFD54 2009-01-22 [expired: 2013-06-28] uid security OBS Project <security@build.opensuse.org> -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Wed, Apr 20, 2011 at 15:10, King Thorin <kingthorin@hotmail.com> wrote:
It seems the OBS Security key (keyid 79EAFD54) on keys.gnupg.net has expired (2011-Apr-2). Would it be possible for someone to update it?
I know an updated key has been generated (which expires 2013) as it can be found here: http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbu...
Further details can be found via: http://lists.wald.intevation.org/pipermail/openvas-distro/2011-April/thread....
Basically the issue came to light when following instructions: http://www.openvas.org/install-packages.html#openvas4_ubuntu_obs -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Just abolish the keys. When I am prompted to accept or reject I always select accept always without any thought or verification. For all I know I am accepting a malicious key, and with the way that the openSUSE mirrors are handled, that wouldn't be impossible. -- Med Vennlig Hilsen, A. Helge Joakimsen -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (4)
-
Andrew Joakimsen
-
Cristian Rodríguez
-
King Thorin
-
Marcus Meissner